Poster Paper 



Proc. of Int. Conf. on Advances in Signal Processing and Communication 2013 



Modified AOD V Algorithm using Data Mining 
Process: Classification and Clustering 

^rivastava Sumit (Dr.), 2 Maheshwari Shashikant 
Associate Professor, Department of Computing and Information Technology, 

Manipal University Jaipur 
2 M.Tech Scholar- NIS, Department of Computing and Information Technology, 
Manipal University Jaipur 
Mail-id: ^umit.srivastavaC^jaipur.manipal.edu, 2 lavish8@ gmail.com 



Abstract: - Security of Wireless Ad hoc network has a primary 
concern to provide protected communication between mobile 
nodes. When we routing some packet it can use both malicious 
node or authenticate node for forwarding and receiving data. 
Malicious node can attack like black hole, misuse of data or 
hacked information. Our aim is to discuss the feasibility of 
monitoring the node of different networks, to analyze it for 
providing better security in AODV routing protocol. We 
implement data mining techniques for search large amount 
of data according characteristic rules and patterns to detect 
malicious node. We have used growing neural gas (GNS) 
clustering algorithm to make clusters and analysis data. Using 
soft computing technique we find patterns, analysis node and 
take decision based on decision tree. 

Keywords: - Mobile Ad- hoc Network, AODV Routing protocol, 
Black hole attack, learning technique. 

I. Introduction 

An ad hoc network is a self-configuring network of Wire- 
less mobile nodes (router) without fixed infrastructure and 
centralized administration. They can communicate with multi- 
hop paths without access point and form arbitrary topology. 
Mobility is advantage for Ad-hoc network, Routers is free to 
move randomly, connect network environment transmits and 
receive data accordingly. Ad-hoc networks are very flexible, 
easily nodes can join and leave from network. Mobility of 
mobile node gave result in dynamic topology that makes 
highly vulnerable to security attacks and this is one main 
challenge of developers to develop secure Ad-hoc network 

[1]. 




Fig 1: Circuit Explaining Ad-Hoc Networks 

Generally we considered security of network we examine 
it under availability, integrity, confidentiality authentication 
and non-repudiation. Availability Ensure that the network is 
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survivable and remain available at all times. Integrity says 
that a packet being transferred is never corrupted. Confiden- 
tiality, certain information is never disclosed to unauthorized 
entities Authentication Enables a node to ensure the identity 
of the peer node that it is communicating with. Non-repudia- 
tion, states that sender of massage never deny sent [2]. 

Developing secure ad hoc routing, Security is a serious 
issue, Due to absence of infrastructure ad hoc network, 
Routing protocol vulnerable to attacks such as Black Hole 
Attack, Grey Hole Attack, and Flooding Attack. Due to 
security vulnerabilities against attacker very difficult to 
determine malicious nodes which drops packets in network, 
if more than one malicious node are available in 
communication path they will support to each other to perform 
attack. For detection of malicious activity we proposed 
growing neural gas algorithm which will identified activity of 
intruders and based on decision tree we will take decision 
[12]. 

The main goal of routing protocols is to minimize delay, 
maximize network throughput, maximize network lifetime and 
maximize efficiency. To detection of intruder's activity we 
proposed method using clustering algorithm easily identified 
attacks in network. 

The rest of the paper is organized as Section II 
background, section III related work. Section IV proposed 
solution, V Section simulation VI conclude the paper. 

II. Background 

A. Ad-Hoc On Demand Distance Vector 

There are three types of routing protocols: Proactive 
protocols, Reactive Protocols and Hybrid Protocols. Ad-hoc 
on demand distance vector (AODV) is a reactive protocol 
that doesn't require periodic advertisement. It enables 
maximum sequence number and minimum hop count 
dynamically maintain route table for intermediate nodes. 
AODV never falls in loop because it is based on sequence 
number that is serving as time stamps maintain latest 
information about intermediate node. Main advantage of 
AODV is least congested in minimum hop count [6]. 

B. Types of Attack onAodv 

There are two kinds of attack possible in AODV routing 
protocol passive attacks or active attacks. Passive attack 
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Fig 2: Diagram Explaining RREQ Packet traversing 

sneaks data without modification network operation therefore 
difficult to detect. Active attack does modification, fabrication. 
Some of those discussed here: 

Black hole attack: Black hole attack is one type of Distrib- 
uted Denial of Service attack. In black hole attack malicious 
node injecting itself with minimum hop count in RREP during 
route discovery when source sends control packet to mali- 
cious node even route is spurious. In black hole attach mali- 
cious node can intentionally intercept packet without for- 
ward it. There is one more form of attack can possible when 
attacker send selective packets it can modified other packets 
which is forward by other intermediate node When a group 
of malicious nodes are supporting to each other than condi- 
tion will become worst [3]. 




Fig 3: Diagram Explaining Malicious node 

Gray hole attack: - It is variation of black hole attack, malicious 
node send RREQ packet as having valid route with minimum 
hop count to destination. When sender will send packet, it 
forwards most of them but may drop packets coming from 
destination or some specific node. Sometime behaviour as 
normal some time may combine behaviours of attacker. These 
types of attacks very difficult identify. [4]. 
Flood Attack: - Ad-hoc network often deploy in such 
environment where nodes have no physical protection 
against unattended tempering, and Distributed Denial of 
services (DDos). There are three types DDos attacks possible 
flood attack, protocol attack, and logical attack. In this paper 
we will only discuss about flood attack. 

In AOD V intruder broadcast so many fake Route Request 
packet to consume bandwidth and resources of network and 
own define sequence number to make attack more dangerous. 
Due to impact of DDos attack our security will compromise in 
Availability. Flood attack also increase congestion on Ad- 
hoc network [5]. 



C. Data Mining Techniques 

Data mining can be viewed as an analysis of available 
information. Classification can be based on huge amount of 
data record. Clustering analysis algorithm can be used for 
partitioning a set of data object into subsets to check weather 
normal or intrusion behaviour. Clustering is a partitioning 
technique which divides the datasets into groups of M 
clusters. 

The goal of clustering is to group sets of objects in the 
same cluster, while dissimilar objects are in separate clusters. 
Clustering can be used as analysis and store information 
about node, pattern recognition and supervised learning. Any 
cluster should exhibit two main properties low inter-class 
similarity and high intra-class [7]. 

We proposed Neural- Gas clustering algorithm for 
comprehensive learning technique. In which multiple 
centroids update whenever data information is added. Update 
depends on distance between data object and cluster centre. 
Node analysis is concerned with Non-predictive modelling; 
each cluster will store information about Destination node, 
Next hop, Hop count, Destination sequence number, RREP 
sequence number, Expiration timer, Threshold value, Number 
of packets [11]. 

III. Related Work 

There are many mitigation and proposed solution for 
detection and prevention of malicious misbehaviour activity. 
Our study include strongly emphasized on Onkar V. Chandure 
[8] who proposed new secure aodv routing algorithm in gray 
hole attack. Analysis and found problem that it can't take 
decision and no efficient learning algorithm used for network. 
We have proposed solution which will take decision and use 
clustering algorithm to store information, train network and 
create skew heap tree for each and every node present in 
network which will insure confidentiality, integrity, availability, 
authentication and access control. In Ad-hoc network, to 
make secure AODV, the idea is to understand constraint and 
find possible mechanism for avoid network threat or detect 
them. We have analysed and found that AODV uses latest 
sequence number received by source node towards 
destination for any route. Hop count which is used for 
calculate number of hop from source to destination. It is 
updated so both should be stored in cluster using data mining 
technique. We proposed solution to take decision based on 
cluster so we can easily trained our network using learning 
algorithm. 

A. Detection of Attack 

We have analysed attributes and major challenges of 
black hole attack and found that, Attacker used two ap- 
proaches for disrupt routing process first is not forward 
packet act as black hole As a result it denies route for com- 
munication and second is, in process of route discovery from 
source to destination, a destination node has to update maxi- 
mum sequence number in RREQ packet. But malicious node 
prepares a RREP packet in which increase sequence number 
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of destination and convince to source node that it is offer 
new fresh route with minimum hop count. Source node avoids 
RREP packet from other node and start communication mali- 
cious node route. In flooding attack one particular malicious 
node continuous floods packet to consume bandwidth. We 
can detect attack using Threshold value Which will insure 
sequence number and number of packet generated by node 
and will train our network to detect attacker. 

B. Decision tree 

Set theory allows an object to check its degree of 
membership and form more than one set. Membership 
function describe, weather our object belongs or doesn't 
belongs to our set by simple true, false value. Once set 
membership function defined which will develop decision 
making capability and form tree structure. 

Decision tree contain node where each non- terminal 
shows test or composite decision based on AND, OR, NOT 
logic gates. Branches of tree will show result of test upon 
data sets. We start from root node and follow instruction 
towards down until reach to terminal (leaf) node. Leaf node 
labelled with concepts, and having membership function 
assigned clustering data. Decision tree can form special set 
rule, observe characteristics of node by hierarchical structure. 
[10][11] 

To create node skew heap data structure we used because 
it is self-adjusting heap and have ability to merge with 
logarithmic time. For addition, deletion, and merging time 
complexity is minimum. So we can easily demonstrate node 
creation tree structure [9]. 

IV. Proposed Algorithm 

A. Supervised Learning 

There are many learning algorithm available in which we 
proposed supervised learning technique to train network 
node. Network nodes are label with predefined rules and 
various classes based training data which is available from 
data mining algorithm. 

Initially in supervised learning accuracy of supervised 
algorithm deteriorates significantly because large amount of 
data is not labelled. But using mining algorithm and decision 
tree it can handle. 

We proposed our algorithm and it will start from 
initialization, in node processing first set waiting time for 
RREQ and for RREP source node to other neighbour's node, 
retrieve current time then find response time for each and 
every node. Additional data object check to find RREP 
sequence number value is higher than threshold value means 
node is detect as malicious node and node id store in database 
and this node will not take process further. Threshold value 
is depending on sequence number, hop count and number of 
message, and the end delay. All information was store in GNS 
clustering. However, the Identity of spurious node or 
suspected node information will be available in clusters. On 
this basis data apply supervised learning and will take decision 
to select proper node. Supervised learning classified node 
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on basis of attack and available information, GNS will support 
periodically update data object on behaviour of attack. We 
create tree for selected node process as shown in fig 4. 
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Fig 4: skew Tree for Node Creation 

V. Simulation 

All attacks which proposed in paper implemented in ns2 
and analysis delay, routing overhead packet delivery ratio 
(PDR) and dropped packet ratio, find out impact on AODV 
routing algorithm. 




Fig 5: Black hole attack implementation 
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Fig 6: Flooding attack implementation 
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Flooding: - 

Delay (ms) = 524.00 
Routing Overhead (%) = 3.97 
PDR= 16.12 

Dropped Packet Ratio = 83.89 

Black-hole attack: - 

Delay (ms)= 517.34 
Routing Overhead (%) = 18.05 
PDF (or Packet Data Ratio) = 4.11 
Dropped Packet Ratio = 95.91 

The result shows higher value for the PDR and lower 
value for the dropped packet ratio for flooding in comparison 
to Black-Hole attack emphasized on better performance for 
Flooding in comparison to Black-hole attack. Further we try 
to design the decision tree for the data obtained from the 
trace file. The training and testing sample were equally 
partitioned. The Deviation from the result was very less 
differed for flooding algorithm in comparison to the black 
hole attack. Also the overall classification rate very differed 
slightly in training sample in comparison to testing samples 
as shown in the Table [1]. 



Table I. Classification for the Flooding and Black-Hole attack data 



Sample 


Observed 


Predicted 


opration:9 


Percent 
Correct 


Training 


opration:0 


9 


99.7% 


opration:l 


1 


.0% 


opration:2 





38.5% 


opration:3 


1 


.0% 


opration:4 


1 


42.0% 


opration:5 


11 


17.0% 


opration:6 


10 


40.6% 


opration:8 


1 


40.6% 


opration:9 


14 


25.0% 


Overall 
Percentage 


.2% 


78.0% 


Test 


opration:0 


13 


99.7% 


opration:l 


1 


.0% 


opration:2 





39.6% 


opration:3 


1 


.0% 


opration:4 


3 


43.9% 


opration:5 


13 


17.0% 


opration:6 


12 


40.8% 


opration:8 


1 


40.7% 


opration:9 


8 


13.8% 


Overall 
Percentage 


.2% 


78.0% 
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Growing Method: CHAID 
Dependent Variable: opration:4 

VI. Conclusion 

Ad-hoc network require less complex efficient, reliable, 
highly secure routing protocol because it contain self- 
organize in- secure dynamic topology in which nodes are 
continuous changing its position. AODV is vulnerable to 
Route discovery in black hole, gray hole, and flooding attacks. 
Therefore we discussed techniques for detection and 
prevention of attacks and take decision using learning to 
make more secure AODV routing algorithm. The further work 
can be discussed by considering the various node structures 
so to compare the performance of each with respect to the 
Packet drop rate and packet data rate. 
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